summaryrefslogtreecommitdiff
path: root/debian/patches-applied
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2008-08-08 10:37:15 -0700
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:28:19 -0800
commit5a550d7dd3da165bb6879fbbc10d18c6aa483659 (patch)
tree4fe0dc487d2c1df453a9d0875a9ee917a4a38da5 /debian/patches-applied
parent6824e112b77a535fd22e593b78c5f42b2926a29e (diff)
debian/patches/054_pam_security_abstract_securetty_handling: move the
warning log about an insecure tty back to pam_securetty proper; we don't want to generate log messages every time pam_unix is called as non-root. Closes: #493283. As a side-effect, pam_unix no longer logs any warnings about NULL password + insecure tty, but I don't think this is critical.
Diffstat (limited to 'debian/patches-applied')
-rw-r--r--debian/patches-applied/054_pam_security_abstract_securetty_handling9
1 files changed, 5 insertions, 4 deletions
diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling
index cd98a914..76318c43 100644
--- a/debian/patches-applied/054_pam_security_abstract_securetty_handling
+++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling
@@ -33,7 +33,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
/* log a trail for debugging */
if (ctrl & PAM_DEBUG_ARG) {
-@@ -101,63 +97,10 @@
+@@ -101,63 +97,13 @@
return PAM_SERVICE_ERR;
}
@@ -98,6 +98,9 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
+ if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) {
+ pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",
+ username, uttyname);
++ } else if (retval != PAM_SUCCESS) {
++ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
++ uttyname);
}
return retval;
@@ -105,7 +108,7 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c
===================================================================
--- /dev/null
+++ pam.deb/modules/pam_securetty/tty_secure.c
-@@ -0,0 +1,92 @@
+@@ -0,0 +1,90 @@
+/*
+ * A function to determine if a particular line is in /etc/securetty
+ */
@@ -191,8 +194,6 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c
+ fclose(ttyfile);
+
+ if(retval) {
-+ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
-+ uttyname);
+ retval = PAM_AUTH_ERR;
+ }
+